Saved in:
Bibliographic Details
Main Authors: Arun, Arasu, Arnaud, Adam St., Titov, Alexey, Wilcox, Brian, Kolobaric, Viktor, Brinkmann, Marc, Ersoy, Oguzhan, Fielding, Ben, Bonneau, Joseph
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2502.19405
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929732783702016
author Arun, Arasu
Arnaud, Adam St.
Titov, Alexey
Wilcox, Brian
Kolobaric, Viktor
Brinkmann, Marc
Ersoy, Oguzhan
Fielding, Ben
Bonneau, Joseph
author_facet Arun, Arasu
Arnaud, Adam St.
Titov, Alexey
Wilcox, Brian
Kolobaric, Viktor
Brinkmann, Marc
Ersoy, Oguzhan
Fielding, Ben
Bonneau, Joseph
contents Machine learning programs, such as those performing inference, fine-tuning, and training of LLMs, are commonly delegated to untrusted compute providers. To provide correctness guarantees for the client, we propose adapting the cryptographic notion of refereed delegation to the machine learning setting. This approach enables a computationally limited client to delegate a program to multiple untrusted compute providers, with a guarantee of obtaining the correct result if at least one of them is honest. Refereed delegation of ML programs poses two technical hurdles: (1) an arbitration protocol to resolve disputes when compute providers disagree on the output, and (2) the ability to bitwise reproduce ML programs across different hardware setups, For (1), we design Verde, a dispute arbitration protocol that efficiently handles the large scale and graph-based computational model of modern ML programs. For (2), we build RepOps (Reproducible Operators), a library that eliminates hardware "non-determinism" by controlling the order of floating point operations performed on all hardware. Our implementation shows that refereed delegation achieves both strong guarantees for clients and practical overheads for compute providers.
format Preprint
id arxiv_https___arxiv_org_abs_2502_19405
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Verde: Verification via Refereed Delegation for Machine Learning Programs
Arun, Arasu
Arnaud, Adam St.
Titov, Alexey
Wilcox, Brian
Kolobaric, Viktor
Brinkmann, Marc
Ersoy, Oguzhan
Fielding, Ben
Bonneau, Joseph
Machine Learning
Machine learning programs, such as those performing inference, fine-tuning, and training of LLMs, are commonly delegated to untrusted compute providers. To provide correctness guarantees for the client, we propose adapting the cryptographic notion of refereed delegation to the machine learning setting. This approach enables a computationally limited client to delegate a program to multiple untrusted compute providers, with a guarantee of obtaining the correct result if at least one of them is honest. Refereed delegation of ML programs poses two technical hurdles: (1) an arbitration protocol to resolve disputes when compute providers disagree on the output, and (2) the ability to bitwise reproduce ML programs across different hardware setups, For (1), we design Verde, a dispute arbitration protocol that efficiently handles the large scale and graph-based computational model of modern ML programs. For (2), we build RepOps (Reproducible Operators), a library that eliminates hardware "non-determinism" by controlling the order of floating point operations performed on all hardware. Our implementation shows that refereed delegation achieves both strong guarantees for clients and practical overheads for compute providers.
title Verde: Verification via Refereed Delegation for Machine Learning Programs
topic Machine Learning
url https://arxiv.org/abs/2502.19405